Audit and Assurance

Expand all | Collapse all

IT control testing with testing procedures

Jump to Best Answer
  • 1.  IT control testing with testing procedures

    Posted 24 Jul, 2019 05:50
    Dear Team,

    Looking for a security control testing with testing procedures against security controls. Purpose of this tool i am looking for to manage IT compliance in easy way.


    ------------------------------
    Shridhar Kuppannagari
    Lead Consultant
    ------------------------------


  • 2.  RE: IT control testing with testing procedures
    Best Answer

    Online Forum Topic Leader
    Posted 24 Jul, 2019 06:41
    @Shridhar Kuppannagari,

    Can you please provide some more detail?  What controls?  The actual testing or the recording. tracking etc. of same?

    Best Regards,

    Ian​

    ------------------------------
    Ian Cooke
    Audit & Assurance Topic Leader
    ISACA Journal Columnist
    ------------------------------



  • 3.  RE: IT control testing with testing procedures

    Posted 25 Jul, 2019 03:15
    Hello Ian,

    Control framework can be considered as ITGC/ ISO 27001/PCI or CCF. Against each control there could be defined control testing procedures which can be considered as a testing scripts, for the effectiveness of the control in our IT environment.


    ------------------------------
    Shridhar Kuppannagari
    Lead Consultant
    ------------------------------



  • 4.  RE: IT control testing with testing procedures

    Posted 25 Jul, 2019 03:34
    Hello Shridhar
    Hope you are doing.
    For IT security purpose, you can try the CIS or NIST controls to test the maturity of your security level. CIS have 3 domains of control (Basic, Foundational and Organizational)

    ------------------------------
    Issiaga Emmanuel CAMARA
    IT System Supervisor
    ------------------------------



  • 5.  RE: IT control testing with testing procedures

    Posted 29 Jul, 2019 07:14
    Hello Camara,

    Thanks for your reply. I already have NIST controls for maturity assessment. Here i am looking for audit scripts which can be used to check the effectiveness of the security controls. like ITGC / SOX and other technical controls from other frameworks. For example - i have to check privilege access management evidence, so is there any script that I can run and get the details for the same. So similarly i want audit scripts for various security controls.


    ------------------------------
    Shridhar Kuppannagari
    Lead Consultant
    ------------------------------



  • 6.  RE: IT control testing with testing procedures

    Posted 29 Jul, 2019 18:42
    Helllo Shridhar
    I understand you.
    you can test Lusas for unix/linux OS

    https://github.com/Boran/lusas

    ------------------------------
    Issiaga Emmanuel CAMARA
    IT System Supervisor
    ------------------------------



  • 7.  RE: IT control testing with testing procedures

    Posted 30 Jul, 2019 05:14
    Hello Camara,

    Thanks for your reply. I am looking for a test procedures for ITGC and SOX IT controls and any other unified security controls where test procedures are define to conduct test to check effectiveness of the control.

    Regards
    Shridhar

    ------------------------------
    Shridhar Kuppannagari
    Lead Consultant
    ------------------------------



  • 8.  RE: IT control testing with testing procedures

    Online Forum Topic Leader
    Posted 14 Aug, 2019 15:07
    @Shridhar Kuppannagari,

    Apologies for my late reply - just back from holidays.  I'm not sure you will find "off the shelf" procedures for these items.  You can test linux (as has been pointed out), databases (e.g. Oracle), Windows etc. using tools/scanners etc. but you are likely to need to code or a that very least configure for different ITGC and SOX IT controls, scenarios and situations.

    Have members other thoughts on this one

    Best Regards,

    Ian


    ------------------------------
    Ian Cooke
    Audit & Assurance Topic Leader
    ISACA Journal Columnist
    ------------------------------



  • 9.  RE: IT control testing with testing procedures

    Posted 29 Aug, 2019 10:33
    Thanks Ian.

    ------------------------------
    Shridhar Kuppannagari
    Lead Consultant
    ------------------------------